11636 matches found
OneDev Unauthenticated Arbitrary File Read
This module exploits an unauthenticated arbitrary file read vulnerability CVE-2024-45309, which affects OneDev versions use auxiliary/gather/onedevarbitraryfileread msf auxiliaryonedevarbitraryfileread show actions ...actions... msf auxiliaryonedevarbitraryfileread set ACTION msf...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method bsc1234809 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-56326: sandbox breakout through indirect reference to format method in template file. bsc1234809 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch...
Exploit for Race Condition in Openbsd Openssh
Summary This is essentially a statistical vulnerability: a la...
OESA-2025-1006 python-jinja2 security update
Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...
Denial Of Service (DoS)
Django is vulnerable to a denial-of-service DoS attack. The vulnerability is due to the striptags method and striptags template filter failing to handle inputs with large sequences of nested incomplete HTML entities, allowing an attacker to perform a DoS attack with specially crafted inputs...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template bsc1234808 CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method bsc1234809 Patch Instructions: To install this SUSE...
Race Condition
Overview PSyclone is a PSyclone - a compiler for Finite Element/Volume/Difference DSLs in Fortran Affected versions of this package are vulnerable to Race Condition due to inadequate checks for pure procedure calls in loop parallelization. This vulnerability derives from the...
PT-2025-42744
Name of the Vulnerable Software and Affected Versions golang versions 1.15 golang versions 1.19 Description The Reader.ReadResponse function in the net/textproto package experiences excessive CPU consumption. Recommendations Update to a newer version of golang that contains a fix for this...
PT-2025-44223
Name of the Vulnerable Software and Affected Versions strongSwan versions 5.9.13-2ubuntu4.25.04.1 Description The strongSwan client had an incorrect handling of EAP-MSCHAPv2 failure requests. An attacker could potentially cause a denial of service, or possibly execute arbitrary code, by tricking ...
PT-2025-30786
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the ACPICA component. A platform firmware update increasing the number of method parameters, without a corresponding update to its callers, caused...
PT-2024-17911 · Unknown · Electronic Official Document Management System
Name of the Vulnerable Software and Affected Versions: Electronic Official Document Management System affected versions not specified Description: The Electronic Official Document Management System has an Authentication Bypass issue. Although the product enforces an IP whitelist for the API used ...
CVE-2024-11944
CVE-2024-11944 affects iXsystems TrueNAS CORE (tarfile.extractall). The flaw is lack of validation of a user-supplied path in tarfile.extractall, enabling directory traversal and remote code execution with root privileges on affected installations, exploitable by network-adjacent attacker without...
Arbitrary Code Execution
Jinja2 is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper detection in the sandboxed environment caused by an oversight in how calls to str.format are handled, allowing attackers to execute arbitrary Python code if they control the content of a template and exploit...
CVE-2024-56745
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep, " " != NULL If there are ...
SUSE CVE-2024-56745
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
CVE-2024-56692
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node blkaddr in truncatenode syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2534! RIP: 0010:f2fsinvalidateblocks+0x35f/0x370...
CVE-2024-53211
In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tpexitnet found by syzbot In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARNONONCE!idrisempty&pn-;l2tptunnelidr; idrdestroy&pn-;l2tptunnelidr; By forcing memory...
CVE-2024-56745
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
AZL-55005 CVE-2024-56745 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...